DISA makes headway on key enterprise initiatives

Dec 05, 2011

The Defense Information Systems Agency (DISA) saw momentous changes and challenges in 2011. The agency began the year celebrating its 50th anniversary as an organization, completing its headquarters move from Arlington, Va., to Fort Meade, Md., and ended the year with Air Force Maj. Gen. Ronnie Hawkins succeeding Army Lt. Gen. Carroll Pollett as its director.

“This has been a year of major transition for DISA. The move to Fort Meade was a huge change and it looks like they pulled if off pretty nicely,” said Warren Suss, president of Suss Consulting. “They retained more of their staff than anticipated. They are a little bit further away from the Pentagon, which will create its own challenges. But, by and large, the move has been successful and their worries were not realized.”

In the middle of that physical transition, DISA also took on a full plate of ambitious initiatives in 2011 that included continuing to put in place the building blocks for a Defense Department private cloud to migrating Army enterprise e-mail to host servers at DISA Defense Enterprise Computing Centers.

DISA’s 2011-2012 Campaign Plan, released in June, summed up the agency’s priority as providing “a core enterprise infrastructure of networks, computing centers, and enterprise services (Internet-like information services)” designed to support new service-oriented implementations, including cloud computing and server virtualization.

“There have been some DISA services in the cloud, such as forge.mil and RACE, but those have been relatively specialized, narrow instantiations of cloud services,” Suss said. “Now, with DISA moving into Army enterprise e-mail, they’re moving into a whole different level of cloud services, which are the day-to-day operational, end user-focused services.”

However, given the complexity and scale of this undertaking, the road to Army enterprise e-mail in 2011 saw some major speed bumps.

Operational pause

At the DISA Customer and Industry Forum in August, Army CIO Lt. Gen. Susan Lawrence described the service’s enterprise e-mail migration as “bold and audacious” in its plans to migrate 1.4 million unclassified Army users to the DISA-managed enterprise e-mail service. The Army’s large-scale migration began in April, but by the end of May had developed serious performance and reliability problems.

“We took off like gangbusters,” said Lawrence. “What we uncovered was an extremely, extremely dirty network. By putting everybody into this enterprise environment, we found we had 10 years of over 300 [Designated Approval Authorities] thinking they owned the network. We found firewalls where there shouldn’t be firewalls. We had software that couldn’t talk to other software. So, we had to bring a team together and literally just clean up the network.”

As a result, Army Maj. Gen. Jennifer Napper, commander of NETCOM/9th Signal Command, started an “operational pause” for the service’s e-mail migration on May 30.

According to Alfred Rivera, director of DISA’s computing services directorate, the problems that had to be resolved included configuration challenges at the base level that resulted in some large latency problems. Rivera said an Army/DISA triage team went to posts, camps and stations to figure out why there were inconsistencies at different sites. Among the configuration challenges also identified, he said, were at the operating system level for Blackberry users.

“There were inconsistent network configurations that were contributing to the latencies and I think the Army has really gotten a handle on that now,” Rivera said.

A report from Napper found that at the start of the operational pause, most installations had about 80 percent compliance with pre-migration guidelines, which eventually improved to 90 percent to 95 percent compliance. In addition, before the operational pause, she reported that “all Army installations had lots of issues with connections dropping and Outlook freezing” but these were “greatly reduced” after DISA made firewall architecture changes.

“In some cases, we were overly conservative in terms of the information flow through firewalls, both internally as well as externally, and got some efficiency gains and streamlining there,” said Alan Lewis, vice director of computing services at DISA. “Efficiencies and improvements were also made with the business and operational processes in a trouble-ticketing sense for incident reporting and problem management.”

On Sept. 6, the Army lifted its three-month operational pause for its migration to DISA-hosted enterprise e-mail. According to Rivera, DISA and the Army continue to leverage the lessons learned and improve procedures developed during the operational pause. As evidence, he pointed to the fact that October was the biggest month for Army enterprise e-mail, with 76,000 migrations.

Originally, the Army and DISA planned to complete the migration by the end of this year. However, March 2012 is the new goal.

“Things are progressing very well. We have over 220,000 users who have migrated now [as of November],” said Rivera. “We’re moving on average about 5,000 users a night into the system. The goal being that we will have all 1.4 million users provisioned on enterprise e-mail for the U.S. Army by the late March time frame.”

Rivera said the Africa, European, Strategic and Transportation commands all have plans for a DISA-hosted enterprise e-mail migration. Discussions are continuing with the Northern and Pacific commands and the Defense Logistics Agency, he said.

Although DISA has not signed up services other than the Army to migrate to DISA-managed enterprise e-mail, Rivera said the Air Force is very interested – an opinion shared by Air Force CIO Lt. Gen. William Lord.

“I would like General Pollett to be the cloud provider for us,” said Lord in August at the DISA Customer and Industry Forum. “It could be private cloud, could be public cloud, could be hybrid cloud. I think we can use a combination of all of those. Right now, I would tell you that the Air Force is leaning towards DISA to stand up those things.”

“This is more than a proof of principle. It's more than a pilot,” Pollett said at the conference, referring to Army enterprise e-mail and the DISA cloud. “This is a game changer in terms of how we provide services within the department. This is the wave of the future.”

Leadership change

Although Pollett won’t be at the helm of DISA when the Army enterprise e-mail migration is completed in 2012, that's his legacy as DISA director. At press time, DISA officials declined to provide an exact date at which Hawkins would take over as DISA's top leader. Hawkins will return to DISA after briefly serving at the Pentagon as the Joint Staff's deputy director of command, control, communications and computer systems.

“Ronnie Hawkins will bring a lot of continuity to the job because he was the DISA vice director until recently, so he knows the organization well and all the players involved,” Suss said.

Although DISA might be gaining a seasoned veteran in Hawkins, the agency is losing a number of senior executives who have been the foundation of its organizational leadership. Paige Atkins, DISA’s director of strategic planning and information, recently left to become vice president for cyber and IT research at Virginia Tech’s Applied Research Corp. Filling Atkins' role is Tony Montemarano, who previously served as DISA’s component acquisition executive.

“Tony is a very well established leader at DISA and knows the organization inside and out, and has been involved in every key strategic decision as one of the DISA seniors for the past decade or more,” Suss observed.

Meanwhile, Richard Hale, DISA’s chief information assurance executive, left the organization to work as deputy to DOD CIO Teri Takai. With Hale’s departure, Mark Orndorff is continuing in his role as program executive officer for mission assurance and network operations as well as chief information assurance executive.

Going forward, DISA’s leadership in 2012 will continue to embrace the economies of the cloud environment, a fiscal reality in these budget constrained times. Consolidation and optimization are the models of efficiency and cost effectiveness as tough IT choices lie ahead at the enterprise level. As Pollett has said, cloud is a “game changer” and DISA intends to be the cloud provider for DOD.

“The big change this year is that the budget pressures and the change in technology have pushed DOD as well as DISA to make a real commitment to cloud services,” said Suss.

Technical guidance

In late October, DISA’s Enterprise Wide Systems Engineering issued a request for information from industry to help the agency come up with a “recommended interoperable DOD architecture to design, develop, and deploy cloud services from the DOD cloud service provider perspective." According to the RFI, there is an urgent need to develop a “coherent enterprise level DOD cloud computing technical framework, architecture, and implementation guidance supporting all cloud services for DOD to ensure the interoperability of DOD clouds.”

The technical guidance for cloud computing services that DISA is seeking from industry will cover how to build interoperable private cloud services. However, as Takai has contended, there will be situations where DOD will be able to use commercial cloud providers, as long as those providers meet the department's security standards.

In addition, Takai has made the case that there might be opportunities for DOD to leverage a public cloud for those applications that don't require that kind of security on its networks.

“Certain mission-critical applications will not leave a private cloud infrastructure,” said Ned Miller, chief cloud strategist for Symantec’s Public Sector market. “But, for other apps like virtual disaster recovery and Web services, DOD is going to look to migrate those to whatever service makes the most economical sense.”

“There’s definitely an opportunity for a hybrid cloud especially for those environments where we want to partner,” said DISA’s Rivera. “We have already started looking at opportunities where we can use hybrid clouds. [These are environments] where we still have some level of identity management and access but it’s in an environment that’s not necessarily in our dot-mil domain.”

However, Gunnar Hellekson, chief technology strategist for Red Hat's U.S. Public Sector, cautions against viewing technology as a panacea when it comes to cloud computing.

“All the technology in the world won’t overcome inefficiencies in the enterprise, and the move to cloud infrastructures draw those inefficiencies into the open,” Hellekson said. “So if you’re DISA, and you’re building a cloud, you want to pay attention to the entire ecosystem of policies and procedures around your infrastructure. If you focus on the narrow technical questions, you'll be unpleasantly surprised.”

As an example, he points to DISA’s Rapid Access Computing Environment (RACE), the agency’s private Infrastructure-as-a-Service solution that was one of its first cloud implementations. RACE, which went operational in late 2008, is a self-service portal which allows DOD users to provision servers in its secure computing environment.

“[DISA] did a lot of work to make it simple for their users to pay for computing power with a credit card,” said Hellekson. “Technically, the solution works just fine. In practice, their internal business rules make it impossible to transfer money between departments any quicker than three days. That means that no matter how flexible their internal IT systems are, they’re only moving as quickly as their weakest business process.”